We recommend that you verify the integrity of the downloaded files using the PGP or MD5 signatures. The PGP signatures can be verified using PGP or GPG
after downloading the
KEYS as well as the
PGP signature file for the particular distribution.

Previous non-Apache releases

Previous non-Apache versions and different download mirrors can be found on SourceForge.net